CVE-2026-0709 – Hikvision Wireless Access Point Authenticated Command Execution

This Hikvision patch addresses a high-severity authenticated command execution vulnerability affecting certain Hikvision Wireless Access Point models. The issue occurs due to insufficient input validation in the device firmware, allowing an attacker with valid credentials to send crafted network packets that trigger arbitrary command execution on the system. If exploited, this vulnerability could allow attackers to disrupt wireless services, alter configurations, or use the access point as a stepping stone to attack other networked systems.

The vulnerability is tracked as CVE-2026-0709 and has been assigned a CVSS v3.1 score of 7.2 (High). While authentication is required, the impact is significant because successful exploitation grants system-level control of critical network infrastructure. Hikvision has released updated firmware that resolves the issue across affected wireless access point models. There are no confirmed reports of active exploitation or zero-day use at the time of disclosure.